Centos, Kolab and php-fpm

If you want to simultaneously use other PHP-versions or simply like to have the additional performance and manageability FastCGI Process Manager (PHP FPM) is the way to go. Basic receipt is:

yum install php-fpm
; Edit /etc/php-fpm.d/www.conf Listen-Port to 9054
systemctl enable php-fpm
systemctl start php-fpm
rm /etc/httpd/conf.modules.d/10-php.conf
; Edit in /etc/httpd/conf.d/ the websites you want to use PHP 5.4 FPM
            SetHandler "proxy:fcgi://"
apachectl graceful

Generally php-directives in conf and .htaccess-files don’t work with FPM. If you get errors on restarting httpd you have to remove those statements and either try to live without them or add .user.ini-files, add it to the global settings or use SetEnv-statements.
Kolab is tied to PHP 5.4 on Centos 7 and also needs some tweaking to work with FPM.

First you have to add  DirectoryIndex index.php to some of the Websites in /etc/httpd/conf.d/ as well as the aformentioned  SetHandler "proxy:fcgi://" . What else is missing PHP FPM does not forward Basic Authentication. Add

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

to kolab_syncroton.conf, iRony.conf and chwala.conf to make ActiveSync and Roundcube Files work again.

Side note: Apache 2.4.27 will either support HTTP/2 or mod_php (because prefork is needed for mod_php but disallows HTTP/2), you can’t have both. So to have HTTP/2 you have to use PHP FPM. mod_nss did not work for me for HTTP/2, only mod_ssl.

Update 2017-10-11: Kolab Syncroton  / ActiveSync employs a clever trick: When the Clients POSTs a SYNC command to get updates if any exist, the Server delays the answer if not up to 15 minutes. This is to save energy on the client. But with PHP FPM we need to set the Apache TimeOut to at least 960 seconds (and if you enable “slow logging” that timeout as well). This is no elegant solution as it is “a global solution to a local problem”, I will look into this.

Update 2018-03-11: Some tips from Red Hat on PHP.

One thought on “Centos, Kolab and php-fpm

  1. You also have to remove or comment .htaccess files in /usr/share/chwala/public_html/api/.htaccess and /usr/share/chwala/public_html/.htaccess and other locations. Watch the httpd-error-logs!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s